For Defence Suppliers · Defence Responsible AI Policy · March 2026

Everywhere else, AI governance is commercial pressure. In Defence, it's policy — and it reaches your contract.

◆ Built by the Bid Director of Australia's largest naval shipbuilding programme — LHD Amphibious EPC Program

In March 2026, Defence released its policy settings for the responsible use of AI — a binding governance framework across the Defence portfolio, with reach extending into the organisations that supply and operate alongside it. If you hold Defence work or are bidding it, this isn't a voluntary standard you can defer. Your obligations are being set by your contract, your prime, and the policy itself.

You already know how this works. DISP, ISO, AIC plans — Defence suppliers buy compliance because Defence demands it. AI governance has now joined that list. The difference is that almost nobody in the supply chain has it in place yet, which means the suppliers who move first hold an advantage in every bid where it's scored.

What changed in March 2026

The rest of the market is preparing for AI governance. Defence suppliers are already obligated.

Across most of Australian heavy industry, the National AI Plan works through commercial pressure: pre-qual questions, tender schedules, flowdown clauses. Strong incentives, but not yet binding for most contractors. Defence is the exception.

Everywhere else

AI6 Guidance is voluntary on paper, expected in practice. The DTA Policy binds Commonwealth agencies and reaches contractors through contract clauses. The forcing function is commercial — pre-qual gates and preferred supplier lists.

In Defence

The Responsible AI policy settings are binding across the Defence portfolio, and their reach extends into the supply chain — the organisations that supply, support, and operate alongside Defence. The forcing function is the policy itself, expressed through your contract and your prime's flowdown.

What that means in practice: if your AI use is undocumented, unapproved, or can't be evidenced, you don't have a future compliance problem — you have a current one. And the primes managing Defence programs know it, because their audit surface includes you.

Who this reaches

If any of these sound like your business, the policy reaches you.

Defence primes and majors

You're managing your own obligation and your supply chain's. Your flowdown needs to be calibrated, auditable, and proportionate — the same Prime Track work, with the Defence policy as the binding overlay.

SME and mid-tier Defence suppliers

Fabricators, maintainers, engineers, ICT and services suppliers into Defence programs. You already carry DISP and quality obligations — AI governance is the new entry on the same list, and your prime will ask before Defence does.

Suppliers bidding into Defence for the first time

AIC requirements favour Australian suppliers — but the governance bar is part of the deal. A documented, evidenced AI position is becoming part of what credible looks like at pre-qual.

Anything touching personnel data, operational technology, or critical infrastructure assets carries additional obligations under the Privacy Act ADM amendments and SOCI/CIRMP — both of which run alongside the Defence policy, not instead of it.

The same infrastructure, the Defence wrapper

The systems are pre-built. The Defence configuration is the engagement.

Every engagement deploys the same pre-built compliance infrastructure described on The Infrastructure page — configured for the Defence context: the binding policy overlay, the security posture your contracts assume, and the evidence standard a Defence prime's governance team will actually test.

Layer 1 — AI Ethics & Usage Policy + Privacy Act ADM

Board-signed policy and disclosure position, written to sit alongside your existing DISP and security governance rather than duplicating it.

Layer 2 — AI6 Compliance System, Defence-configured

The six-pillar evidence pack, with use case and vendor registers built around the data sensitivity and approval chains Defence work demands. Tender response language mapped to what Defence primes score.

Layer 3 — AI Impact Assessment

Expect to produce one on Defence-adjacent government work — primes and agencies are requiring it through contract. Source-traced drafting from your own documents. Australian-hosted, data never leaves the country.

Layers 4 + 5 — Full coverage and TenderPulse, for primes and complex scopes

Cascade Response Engine for flowdown questionnaires, and the live compliance cockpit — including the sovereign AI gap analysis that flags where a prime's requirement exceeds the NAIP baseline.

Sovereign AI — named, because in Defence it actually applies

Elsewhere we flag Sovereign AI as a scope that exceeds the NAIP baseline. Defence and data-centre work is where it's genuinely sought. Our own infrastructure is Australian-hosted, and where your contract or prime requires sovereign hosting of your AI stack, that capability is available through our technology partner Kipanga's ISO 27001 certified Australian infrastructure — scoped explicitly, priced explicitly, never assumed.

Where to start

Two entry points, depending on where you sit.

Defence primes and majors

Board Briefing, then the Prime Track

$5,500 + GST · Board Briefing · fixed scope

Start with the 90-minute board or ELT session and written brief from the Prime Track — your governance position against the Defence policy, the National AI Plan streams, and the flowdown your primes' principals are drafting — then scale into the full five-layer engagement where warranted.

  • Gap summary across your current pockets of AI activity, Defence policy overlay included
  • Sequenced 12-month obligation map your board can plan against
  • Risk-tiered flowdown calibration for your Defence supply chain
  • Full Prime Track: solvable in 90 days, dashboard left running

Why this person, for this segment

Defence bids are where I come from. This isn't a market I researched — it's one I've worked in.

I was Bid Director on Australia's largest naval shipbuilding programme — the LHD Amphibious EPC Program. I've pioneered alliance models that cut Defence ship upgrade cycles from four years to eighteen months, and I've sat in the governance reviews where Defence primes decide which suppliers they trust with sensitive scope.

When a Defence prime's governance team tests your AI position, the questions come from the same discipline that tests your security posture and your AIC commitments. I know that discipline from the inside — what gets scored, what gets challenged, and what a credible supplier answer looks like at post-shortlist.

The infrastructure is pre-built. The judgement about what Defence work demands of it is not.

Bid Director — Australia's largest naval shipbuilding programme (LHD Amphibious EPC Program)
Alliance model pioneer — reduced Defence ship upgrade cycles from 4 years to 18 months
VP Strategy & Development, Asia Pacific — Wood PLC (FTSE 100), 7 business units, 4 countries
Naval Architect — base discipline, three decades in heavy industry delivery
MBA · University of New England
Certified Master Project Director · AIPM
AI Fluency Professional · USyd
Certified AI Lead Partner · Mindhive

Common questions

Straight answers for Defence suppliers.

We're DISP members with mature security governance. Doesn't that cover AI?

No — it helps, but it doesn't cover it. Your security governance covers how information is protected; the AI policy settings are about how AI is used, approved, documented, and evidenced. The good news is your DISP discipline makes the build faster: the approval culture and document control are already there. The AI governance layer sits alongside it, not on top of it.

Our prime hasn't asked us about AI yet. Why move now?

Because the policy is already binding on the portfolio your prime serves, and the flowdown is a when, not an if. Defence suppliers who wait for the letter respond to someone else's timeline and someone else's standard. The ones who move first walk into the conversation with the evidence pack already built — and in a market where almost nobody has it, that's scored.

Is Sovereign AI required for Defence work?

It depends on your contract and scope — it's genuinely sought in Defence more than anywhere else, but it isn't automatic. Our position is the same as everywhere on this site: Sovereign AI exceeds the NAIP baseline and is its own scope, never assumed into a compliance package. If your contract requires it, we scope it explicitly, with our technology partner Kipanga's ISO 27001 certified Australian hosting as the delivery layer.

Does the qualified refund apply on Defence work?

Yes — the same conditions as the standard Sub-Contractor package: if an eligible bid is rejected solely on AI governance grounds after the system is in place and the tender language has been used, you receive a refund. Conditions documented before the engagement starts.

We're mid-bid right now. Is there a faster path?

Yes. The Tender AI Response engagement covers the live submission — the AI governance section drafted around what you actually have, with a gap strategy for anything likely to be tested before award — while the full system is built in parallel. Raise it in the scoping call and we'll sequence around your submission date.

In Defence, the question isn't whether the AI governance ask is coming. It's whether you answer it on your timeline or your prime's.

A 20-minute scoping call covers what the Defence policy means for your specific scope, which layers apply, what the engagement sequence looks like, and what it costs. If you're not ready for a call, the compliance check tool tells you your obligation tier in under 2 minutes.

Not sure if Defence-specific or Sovereign AI scope applies to you? Book a call to discuss how this applies to you.